Kurt Zeilenga wrote:
> IIRC, if you want all authenticated users without a directory entry to be
> treated as anonymous, you can perform an authzid mapping through an LDAP
> lookup and basically force that behavior.

Actually my slapd.conf contains an authz-regexp directive for that purpose. But although there's no authz-DN found for the technical authc-DN, the client is treated as authenticated. Yes, this is described in slapd.conf(5), but IMO it's wrong.

So I have to add the work-around <WHO> field Pierangelo suggested to all those ACLs.

Ciao, Michael.